Lucene search
Linux, Linux Kernel

14031 matches found

added 2025/05/08 6:26 a.m. | 100 views

CVE-2025-37809

CVE-2025-37809: In the Linux kernel, a fix in the usb: typec: class path addresses a NULL pointer dereference that can occur when concurrent calls to typec_partner_unlink_device race with pointer usage. The patch adds a mutex to protect USB device pointers and the partner device registration, preventing NULL...

CVSS 5.5 | AI score 5.3 | EPSS 0.00162

added 2025/05/08 6:26 a.m. | 100 views

CVE-2025-37818

LoongArch Linux kernel vulnerability CVE-2025-37818: the issue originates from huge_pte_offset() returning a PMD slot pointer even when the underlying pmd points to an invalid_pte_table, which could be misinterpreted as a swap entry by generic is_swap_pte() and lead to a crash in pfn_swap_entry_t...

CVSS 5.5 | AI score 5.3 | EPSS 0.00149

added 2025/05/20 3:21 p.m. | 100 views

CVE-2025-37915

CVE-2025-37915 affects the Linux kernel’s net_sched code, specifically the drr scheduler when a netem child qdisc is involved. The issue was a double addition of the same classifier to the active_list, which could cause memory corruption due to reentrancy in the parent qdisc enqueue path (not a U...

CVSS 7 | AI score 6.7 | EPSS 0.00166

added 2025/05/20 3:21 p.m. | 100 views

CVE-2025-37917

CVE-2025-37917 involves the Linux kernel net/ethernet MTK Star EMAC driver. The root cause is spinlock recursion that can occur when DMA interrupts are re-enabled during rx/tx poll. The vulnerability arises from using plain spin_lock/spin_unlock in mtk_star_emac, instead of the appropriate irq-sa...

CVSS 5.5 | AI score 6.5 | EPSS 0.0016

added 2025/05/20 3:21 p.m. | 100 views

CVE-2025-37927

CVE-2025-37927 affects the Linux kernel’s iommu/amd subsystem (parse_ivrs_acpihid). A string parsing logic error could cause a buffer overflow in HID or UID buffers when combining strings, because ACPIID_LEN is compared to the total length rather than the lengths of the individual HID and UID buf...

CVSS 7.8 | AI score 7 | EPSS 0.00202

added 2025/07/25 12:53 p.m. | 100 views

CVE-2025-38396

The CVE-2025-38396 entry concerns the Linux kernel vulnerability where anon_inode_make_secure_inode() is exported to allow KVM guest_memfd to create anonymous inodes with proper security context, fixing a secretmem LSM bypass. The issue involved the S_PRIVATE flag not being cleared after alloc_an...

CVSS 7.8 | AI score 6.3 | EPSS 0.00163

added 2004/09/01 4:0 a.m. | 99 views

CVE-2004-0077

CVE-2004-0077 corresponds to a bounds-checking flaw in the Linux kernel mremap implementation (2.2 to 2.6.2). The issue arises when do_munmap return value is not properly checked after exceeding the maximum VMA descriptors, enabling a local attacker to gain root privileges. Connected advisories c...

CVSS 7.2 | AI score 6.2 | EPSS 0.02434

added 2004/12/01 5:0 a.m. | 99 views

CVE-2004-0949

CVE-2004-0949 affects the Samba filesystem smbfs in Linux kernel 2.4/2.6, where smb_recv_trans2 fails to reassemble fragmented packets, allowing a remote attacker via the network to read arbitrary kernel information or to inflate a counter by replaying the first fragment. Public advisories (RHSA,...

CVSS 6.4 | AI score 7.2 | EPSS 0.02626

added 2005/01/06 5:0 a.m. | 99 views

CVE-2004-1335

The CVE-2004-1335 entry describes a memory leak in the Linux kernel’s ip_options_get function (pre-2.6.10) that can cause local denial of service via repeated ip_cmsg_send calls. Affected component is the kernel networking stack; impact is partial availability due to memory exhaustion. The vulner...

CVSS 2.1 | AI score 5.6 | EPSS 0.01039

added 2007/04/11 12:0 a.m. | 99 views

CVE-2007-1357

Technical details about CVE-2007-1357 are not provided in the connected documents; no affected products, root cause, or fixes are listed here. Monitor for updates.

CVSS 7.8 | AI score 6.3 | EPSS 0.13529

added 2007/12/20 12:0 a.m. | 99 views

CVE-2007-5966

CVE-2007-5966 is a Linux kernel local privilege escalation: integer overflow in hrtimer_start (kernel/hrtimer.c) before 2.6.23.10 allows local users to run arbitrary code or cause a denial of service via a large relative timeout. Affected: Linux kernel versions prior to 2.6.23.10. Remediation: up...

CVSS 7.2 | AI score 6.1 | EPSS 0.00478

added 2008/08/08 6:12 p.m. | 99 views

CVE-2008-3272

The CVE-2008-3272 issue affects the Linux kernel sound subsystem (sound/core/seq/oss/seq_oss_synth.c). The root cause is that snd_seq_oss_synth_make_info does not verify that the device number lies within the range defined by max_synthdev before returning data, enabling local users to leak sensit...

CVSS 2.1 | AI score 5.8 | EPSS 0.00417

added 2008/11/21 2:0 a.m. | 99 views

CVE-2008-5182

The connected Nessus advisory for MiracleLinux 3 (AXSA:2009-22:03) references CVE-2008-5182 in the inotify subsystem of the Linux kernel. Affected product: MiracleLinux 3 running kernel 2.6.18-53.21AXS3. Vulnerability type/root cause: a race condition related to inotify watch removal and unmount,...

CVSS 6.9 | AI score 5.9 | EPSS 0.0027

added 2009/01/21 2:0 a.m. | 99 views

CVE-2009-0031

CVE-2009-0031 affects Linux kernel 2.6.29-rc2 and earlier, caused by a memory leak in keyctl_join_session_keyring (security/keys/keyctl.c) that can allow local users to consume kernel memory and trigger a denial of service. Root cause described as a missing kfree. Connected advisories (e.g., RHSA...

CVSS 4.9 | AI score 5.7 | EPSS 0.00408

added 2010/09/30 2:0 p.m. | 99 views

CVE-2010-3298

CVE-2010-3298 affects the Linux kernel. The hso_get_count function in drivers/net/usb/hso.c, in kernel builds before 2.6.36-rc5, does not initialize a certain structure member, which allows local users to read potentially sensitive information from kernel stack memory via the TIOCGICOUNT ioctl. T...

CVSS 2.1 | AI score 6.8 | EPSS 0.00407

added 2010/11/29 3:0 p.m. | 99 views

CVE-2010-4079

CVE-2010-4079 affects the Linux kernel ivtvfb driver (ivtvfb_ioctl in drivers/media/video/ivtv/ivtvfb.c) prior to 2.6.36-rc8. The root cause is failure to initialize a structure member, enabling local users to leak information from kernel stack memory via the FBIOGET_VBLANK ioctl. Affected versio...

CVSS 1.9 | AI score 5.5 | EPSS 0.0038

added 2011/01/11 1:0 a.m. | 99 views

CVE-2010-4525

CVE-2010-4525: The Linux kernel up to 2.6.34.y omits initialization of kvm_vcpu_events->interrupt.pad, enabling local attackers to read potentially sensitive data from kernel stack memory via unspecified vectors. The affected component is kernel/KVM (Linux kernel 2.6.33/2.6.34.y). Multiple adv...

CVSS 1.9 | AI score 6.8 | EPSS 0.00341

added 2012/02/02 2:0 a.m. | 99 views

CVE-2011-1573

CVE-2011-1573: Linux kernel SCTP (net/sctp/sm_make_chunk.c) can trigger an OOPS (denial of service) when addip_enable and auth_enable are used, because the INIT/INIT-ACK length calculation ignores zero padding. Affects kernels before 2.6.34; patch/fix shipped in 2.6.34+. Vulnerable component/file: sm_make_chunk.c; impact: denia...

CVSS 5.9 | AI score 6.5 | EPSS 0.02778

added 2011/07/28 10:0 p.m. | 99 views

CVE-2011-2689

The vulnerability CVE-2011-2689 affects the Linux kernel’s gfs2_fallocate path (fs/gfs2/file.c). It occurs in versions before 3.0-rc1, where the size of a chunk allocation may not be a multiple of the filesystem block size. This can allow a local user to trigger a denial of service and system cra...

CVSS 4.9 | AI score 6 | EPSS 0.00406

added 2012/12/21 11:0 a.m. | 99 views

CVE-2012-4565

CVE-2012-4565 affects the Linux kernel up to version 3.4.18 (pre-3.4.19) in tcp_illinois_info within net/ipv4/tcp_illinois.c. When net.ipv4.tcp_congestion_control illinois is enabled, local users can trigger a divide-by-zero OOPS by reading TCP stats, causing denial of service. Mitigation is to u...

CVSS 4.7 | AI score 6.9 | EPSS 0.00486

added 2013/03/14 8:0 p.m. | 99 views

CVE-2012-6542

The CVE-2012-6542 issue affects the Linux kernel prior to 3.6. It involves the function llc_ui_getname in net/llc/af_llc.c returning an incorrect value under certain circumstances, enabling local users to read sensitive data from kernel stack memory via an application that uses an uninitialized p...

CVSS 1.9 | AI score 5.4 | EPSS 0.00354

added 2013/03/01 11:0 a.m. | 99 views

CVE-2013-0228

CVE-2013-0228 affects the Linux kernel before 3.7.9 on 32-bit Xen paravirt_ops platforms, where xen_iret in arch/x86/xen/xen-asm_32.S mishandles an invalid DS segment value. This allows guest OS users to gain guest OS privileges via a crafted application. Remediation is a kernel update to include...

CVSS 6.2 | AI score 6.5 | EPSS 0.00394

added 2013/09/25 10:0 a.m. | 99 views

CVE-2013-4350

CVE-2013-4350 affects the Linux kernel IPv6 SCTP code (net/sctp/ipv6.c) up to version 3.11.1. The vulnerability arises because the data structures and function calls fail to trigger an intended IPsec encryption configuration, enabling remote attackers to sniff traffic and obtain sensitive informa...

CVSS 5 | AI score 6.1 | EPSS 0.04144

added 2015/07/27 10:0 a.m. | 99 views

CVE-2015-4692

CVE-2015-4692 affects the Linux kernel’s KVM code: in arch/x86/kvm/lapic.h, the kvm_apic_has_events() function may dereference a NULL pointer via an ioctl to /dev/kvm, enabling a local attacker to cause a denial of service (system crash). The description indicates the issue exists through kernel ...

CVSS 4.9 | AI score 6 | EPSS 0.00451

added 2017/04/04 4:0 p.m. | 99 views

CVE-2016-10318

The CVE-2016-10318 issue affects the Linux kernel’s ext4 and f2fs filesystem encryption support (fs/crypto/policy.c). It is caused by a missing authorization check in fscrypt_process_policy, allowing a user to assign an encryption policy to a directory owned by another user, which can lead to a d...

CVSS 6.5 | AI score 6.3 | EPSS 0.02159

added 2016/12/28 7:42 a.m. | 99 views

CVE-2016-6786

CVE-2016-6786 affects the Linux kernel’s performance subsystem: kernel/events/core.c mismanages locks during certain migrations, enabling a local user to escalate privileges. Public documents indicate this vulnerability exists in kernels before 4.0, with several Nessus advisories (Unity Linux/Mir...

CVSS 7 | AI score 6.4 | EPSS 0.00417

added 2017/12/23 4:0 a.m. | 99 views

CVE-2017-17853

CVE-2017-17853 affects the Linux kernel’s BPF verifier (kernel/bpf/verifier.c) up to version 4.14.8. Local users can trigger memory corruption and potentially other impact via incorrect BPF_RSH signed bounds calculations. The connected Nessus advisories for Unity Linux describe the same issue and...

CVSS 7.8 | AI score 7.4 | EPSS 0.00373

added 2018/01/31 7:0 a.m. | 99 views

CVE-2018-6412

CVE-2018-6412 affects the Linux kernel sbusfb_ioctl_helper() in drivers/video/fbdev/sbuslib.c up to and including 4.15. It introduces an integer signedness error that could allow an attacker to leak arbitrary information via the FBIOPUTCMAP_SPARC and FBIOGETCMAP_SPARC ioctls, impacting confidenti...

CVSS 7.5 | AI score 7.1 | EPSS 0.02379

added 2024/02/28 8:13 a.m. | 99 views

CVE-2021-47039

The CVE-2021-47039 entry is rejected and is not an active vulnerability entry.

CVSS 7.1 | AI score 6.5 | EPSS 0.00244

added 2024/03/04 6:10 p.m. | 99 views

CVE-2021-47087

The CVE-2021-47087 entry concerns the Linux kernel: tee: optee fix for an incorrect page free bug. The issue arises when a pointer to an allocated struct page is already advanced near the end of allocation, making __free_pages(page, order) unsafe if the pointer isn’t reset. The documented fix sto...

CVSS 7.8 | AI score 6.3 | EPSS 0.00234

added 2024/03/25 9:16 a.m. | 99 views

CVE-2021-47179

CVE-2021-47179: In the Linux kernel, a NULL pointer dereference in NFSv4 pnfs_mark_matching_lsegs_return() occurs when _pnfs_return_layout() calls pnfs_mark_matching_lsegs_return() with a NULL struct pnfs_layout_range, which is not checked. This leads to an oops/crash. The issue has concrete det...

CVSS 5.5 | AI score 6 | EPSS 0.00227

added 2024/04/10 6:56 p.m. | 99 views

CVE-2021-47181

The CVE-2021-47181 issue affects the Linux kernel code path for usb: musb: tusb6010. The root cause is a missing NULL check after platform_get_resource(), which can lead to a NULL pointer dereference if platform_get_resource() returns NULL. Public sources describe the vulnerability and impact as ...

CVSS 5.5 | AI score 6.4 | EPSS 0.00226

added 2024/04/10 7:1 p.m. | 99 views

CVE-2021-47210

The CVE-2021-47210 issue affects the Linux kernel USB Type-C subsystem (tipd) specifically in tps6598x_block_read. The fix removes a WARN_ON and ensures that calls with length exceeding the allowed maximum return an error instead of triggering a crash under panic-on-warn. This change mitigates lo...

CVSS 5.5 | AI score 6.4 | EPSS 0.00225

added 2024/04/10 7:1 p.m. | 99 views

CVE-2021-47212

CVE-2021-47212 affects the Linux kernel in the mlx5/ib stack. The issue arises in the fast unload flow where the device state enters internal error during a destroy command, causing a call path that would return EIO. The fix updates MLX5_CMD_OP_DESTROY_UCTX and MLX5_CMD_OP_DESTROY_UMEM to return ...

CVSS 5.5 | AI score 6.5 | EPSS 0.00196

added 2024/05/21 2:35 p.m. | 99 views

CVE-2021-47323

CVE-2021-47323 affects the Linux kernel watchdog driver sc520_wdt: use-after-free can occur if timer removal uses del_timer() during device removal. The issue is addressed by replacing del_timer() with del_timer_sync() to ensure the timer handler finishes before teardown, preventing potential use...

CVSS 8.8 | AI score 8.8 | EPSS 0.0116

added 2024/05/21 3:3 p.m. | 99 views

CVE-2021-47366

Summary (CVE-2021-47366): In the Linux kernel AFS client, reads from an OpenAFS server could be corrupted when file positions or read lengths exceeded 2G, due to switching between FS.FetchData (signed 32-bit pos/len) and FS.FetchData64. The fix captures file server capabilities via...

CVSS 5.5 | AI score 6.7 | EPSS 0.00208

added 2024/05/21 3:3 p.m. | 99 views

CVE-2021-47404

Summary (CVE-2021-47404): The issue stems from a slab-out-of-bounds write in the HID Betop driver (betopff) in the Linux kernel. Syzbot observed a write beyond slab bounds due to assuming an input report exists; malicious devices can violate this assumption. The public advisories, including Astra...

CVSS 7.8 | AI score 6.8 | EPSS 0.00261

added 2024/05/24 3:9 p.m. | 99 views

CVE-2021-47550

CVE-2021-47550 corresponds to a memleak in the Linux kernel DRM/AMD amdgpu path. Specifically, amdgpu_get_xgmi_hive may leak if kobject_init_and_add fails and kobject_put is not called. The connected Nessus/OpenVAS advisories reproduce this description and reference kernel-level fixes in the amdg...

CVSS 5.5 | AI score 7 | EPSS 0.00232

added 2024/06/19 2:53 p.m. | 99 views

CVE-2021-47596

CVE-2021-47596 is a Linux kernel use-after-free in the hns3 driver (net: hns3: fix use-after-free bug in hclgevf_send_mbx_msg). The vulnerability arises from the removal sequence where the netdevice is freed during client removal, while the acceleration engine’s uninstall step still traces runtim...

CVSS 7.8 | AI score 8 | EPSS 0.00248

added 2025/02/26 1:54 a.m. | 99 views

CVE-2021-47653

The CVE-2021-47653 case concerns a Linux kernel media/davinci vpif driver use-after-free on driver unbind. The driver allocates two platform device structures during probe and fails to deregister them on unbind, risking freeing device resources at remove() time. The published fix adds the missing...

CVSS 7.8 | AI score 5.4 | EPSS 0.00246

added 2024/04/28 12:59 p.m. | 99 views

CVE-2022-48634

Summary of CVE-2022-48634 (Linux kernel): Affects the gma500/GPU path in the Linux kernel. The fault was that gma_crtc_page_flip() held the event_lock spinlock while calling crtc_funcs->mode_set_base(), which takes ww_mutex, creating a sleeping context in an invalid path. The unlock should oc...

CVSS 5.3 | AI score 6.5 | EPSS 0.00167

added 2024/08/22 1:31 a.m. | 99 views

CVE-2022-48911

CVE-2022-48911 affects the Linux kernel nf_queue path in the netfilter subsystem. The vulnerability arises from a use-after-free risk when skb/nf_queue handling interacts with sock_hold/sk_refcnt, potentially causing a stored packet to be mishandled; on failure the packet is dropped by the caller...

CVSS 5.5 | AI score 6.5 | EPSS 0.00207

added 2024/10/21 8:6 p.m. | 99 views

CVE-2022-49003

CVE-2022-49003 involves a race in the Linux kernel NVMe multipath code where walking nvme_ns_head siblings protected by SRCU was not synchronized in nvme_mpath_revalidate_paths(), and concurrent scan work could free a namespace, causing a use-after-free. The fix protects the head’s SRCU during nv...

CVSS 4.7 | AI score 4.3 | EPSS 0.00229

added 2024/10/21 8:6 p.m. | 99 views

CVE-2022-49020

In CVE-2022-49020, the Linux kernel’s net/9p code has a socket leak: p9_fd_create_tcp() and p9_fd_create_unix() call p9_socket_open(), and if p9_trans_fd creation fails they return an error without releasing the socket. The root cause is failure to sock_release() the socket, which this patch fixe...

CVSS 5.5 | AI score 5.1 | EPSS 0.00234

added 2025/02/26 1:54 a.m. | 99 views

CVE-2022-49065

In CVE-2022-49065, the Linux kernel SUNRPC service saw a NULL dereference when a sunrpc svc_rqst was deferred with tracing enabled. The fix avoids relying on dr->xprt after reevaluating the trace event format; the dr::addr is converted to a presentation address and stored as a string in TP_fas...

CVSS 5.5 | AI score 5.4 | EPSS 0.00246

added 2025/02/26 1:54 a.m. | 99 views

CVE-2022-49085

CVE-2022-49085 affects the Linux kernel’s drbd path, fixing five use-after-free bugs in get_initial_state where skb could be freed and later dereferenced. The issue arises when notify_initial_state_done and subsequent notify_*_state_change calls free skb on error, leading to a use-after-free via ...

CVSS 7.8 | AI score 5.6 | EPSS 0.00263

added 2025/02/26 1:54 a.m. | 99 views

CVE-2022-49102

CVE-2022-49102 affects the Linux kernel. The issue, resolved by a patch from habanalabs, fixes a memory leak in the MMU DR finalization path when the host-resident shadow is NULL, which can occur because the DR and HR are not dependent. The patch addresses a copy-paste error and prevents the leak...

CVSS 5.5 | AI score 5.3 | EPSS 0.00223

added 2025/02/26 1:55 a.m. | 99 views

CVE-2022-49154

The CVE-2022-49154 entry is validated by connected advisories describing a Linux kernel KVM SVM issue: an out-of-bounds guest IRQ in svm_update_pi_irte() could crash when guest_irq comes via KVM_IRQFD. The root cause is an out-of-bounds access that could trigger a crash; the mitigation is a kerne...

CVSS 5.5 | AI score 5.4 | EPSS 0.00246

added 2025/02/26 1:55 a.m. | 99 views

CVE-2022-49183

CVE-2022-49183: Linux kernel net/sched act_ct had a ref-leak when switching zones or network namespaces without a ct clear, leaking the old ct entry due to tcf_ct_skb_nfct_cached() returning false. The fix is to free the ct entry at tcf_ct_skb_nfct_cached() since the ct entry is not reusable. Con...

CVSS 5.5 | AI score 5.4 | EPSS 0.00246

added 2025/02/26 1:55 a.m. | 99 views

CVE-2022-49185

The CVE-2022-49185 entry concerns a Linux kernel pinctrl nomadik issue where of_node_put() was missing in nmk_pinctrl_probe, risking a refcount leak. The fix adds a call to of_node_put() to balance the refcount returned by of_parse_phandle(), as described across connected advisories (Astra Linux,...

CVSS 5.5 | AI score 6.5 | EPSS 0.00253
Total number of security vulnerabilities: 14031